What's a WEB-IIS ISAPI .ida attempt?

...about once a week or so (maybe more), I get these attacks from an IP on the CHINA RAILWAY TELECOMMUNICATIONS CENTER (from APNIC whois). They also tried a cmd.exe access. I'm running an old NT server behind a Smoothie and every once in a while I'll have a gander at the logs. I'm still enamored of the fact the Chinese take such an interest in me, but methinks they probe the US internet quite extensively. Fwiw, I nmapped 'em and they're buttoned up tight. It's nothing critical, just some development sites I'm working on.

On an added note...

...I sometimes run Remote Administrator from Famatech for access over the net. I'll typically block and unblock firewall access to the software as I see fit. I notice in checking those logs attempts to log in to the program, and it's always seven attempts; never less, never more. Some kiddies out there running scripts for radmin?

You can bet your last dollar that there is a fair amount of radmin exploit attempts all over the 'Net. I consider it 'background noise'.

I get a TON of probes and exploits on my clients' Pac-rim systems, a lot of which show apparently Chinese points of origin. I think it's as much directed scans as compromised systems that are being controlled from elsewhere. It's not all that special that it comes from China.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore